Cloud Security Engineer (Mainframe Security Specialist)

Job Summary:

We are seeking a Cloud Security Engineer (Mainframe Security Specialist) who ensures the migrated IBM Z environment’s security and compliance posture is robust and meets DoD requirements. This role combines cloud security practices with mainframe security expertise. It involves configuring mainframe security (e.g. RACF/ACF2) and implementing continuous security controls and audits in line with DevSecOps principles. A key outcome is achieving the necessary accreditation (ATO) for the system to operate at Secret level.

This position is contingent upon contract award. 

Job Duties and Responsibilities:

• Security Configuration: Configure and manage mainframe security subsystems – defining RACF/ACF2 profiles, user roles, dataset access rules, and system privileges to enforce least privilege access. Implement multi-factor authentication or integration with enterprise identity management as required.
• Compliance & Hardening: Apply DoD security hardening guidelines (e.g. DISA STIGs for z/OS) to the mainframe environment. Remediate any findings from security scans. Ensure all mainframe and hybrid cloud connections meet Secret-level encryption and security standards.
• DevSecOps Integration: Embed security checks into CI/CD and infrastructure automation pipelines. Set up automated vulnerability scanning of mainframe code (if applicable) and configuration compliance scanning for the system (for example, using z/OS compliance checker tools). Ensure that security gates (SAST/DAST, config checks) are part of the deployment process.
• ATO Documentation & Monitoring: Prepare and maintain documentation for the Risk Management Framework (RMF) to obtain Authority to Operate. This includes security control implementation statements, network diagrams, and access control lists for auditors. Post-implementation, continuously monitor security logs and alerts on the mainframe and cloud interfaces, and conduct periodic audits to ensure compliance is maintained.
• Other duties as assigned. 

Job Requirements (Education/Skills/Experience):

• 8+ years in IT security engineering, with at least 3+ years in mainframe security administration (RACF, ACF2, or Top Secret administration on z/OS).
• Familiarity with DoD cybersecurity requirements and processes (Security Technical Implementation Guides – STIGs, RMF/ATO process, NIST 800-53 controls).
• Knowledge of cloud security concepts (network segmentation, encryption, zero-trust) and how to extend them to a mainframe environment.
• Experience with DevSecOps tooling (CI/CD pipeline security scans, SIEM integration, automated compliance checks).
• Clearance: Active DoD Secret clearance required (working with Secret data and security controls).

Preferred Qualifications:

• Certifications such as CISSP, CISM or vendor-specific security certs (e.g. GIAC Mainframe Security, Certified Information Systems Security Officer).
• Experience in hybrid environments (e.g. securing data flows between on-prem mainframes and cloud services).
• Background in audit or security assessment roles, which helps in preparing thorough compliance documentation.

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.